Configuring services

This page describes how to create a service, and how to edit a service. Both creating and editing a service use the same form.


Console: new service


Name of the service. Will be used to generate hostname if Use suggested domain is chosen (see below)

Cluster ID#

Cluster to deploy service on.


What type of service to deploy/expose. Three options exist:

1. Knative Service#

Deploy a new knative service.

Container image repositoryThe full repository url of the image (i.e. otomi/console)
Container image tagThe image tag (i.e. latest)

1.1 Scale to zero#

Will bring down service if not accessed for 60 seconds. Will also disable probes that check to see if the service is up.

1.2 Container image#

  • repository: The image repository of the container to deploy.
  • tag: The image tag of the container to deploy. We recommend semver version tags for a sane deployment strategy. For more on that see section AutoCD below.

1.3 Environment variables#

Provide all the needed environment variables that are needed for your container to run.

1.4 Pod resources#

Please refer to the kubernetes documentation for in depth information on how to determine the values your workload needs.

1.4.1 Requests#

  • cpu: the guaranteed amount of CPU
  • memory: the guaranteed amount of RAM

1.4.2 Limits#

  • cpu: the maximum amount of CPU
  • memory: the maximum amount of RAM

NOTE: Limits are not guaranteed. If you need guaranteed resources, set higher requests.

1.5 Pod annotations#

Kubernetes annotations with arbitrary metadata.

2. Existing Knative Service#

Expects a readily deployed knative service by the name given. This option will do an internal rewrite of the public url to the existing knative url.

3. Existing Kubernetes Service#

Expects a readily deployed Kubernetes service by the name given.


Controls wether internet exposure should be enabled or not. Two options exist:

  • Private
  • Public URL

A private service has no internet exposure, and is only accessible in the cluster.

Public URL#

A public URL will have a hostname that consists of $HOST_NAME.$DNS_ZONE. Options are described below.

Use suggested domainThe suggested domain is the team domain for which a wildcard certificate already exists
HostChoose a hostname that will be the prefix of the domain
DNS ZoneChoose a dns zone that will be the suffix of the domain
Authenticate with Single Sign OnForwards any unauthenticated traffic to the Keycloak login page, which might forward to an external IDP
Already has a certificateDon't generate certificates for this service
> Certificate ARN[AWS only] Provide the certificate arn
> Select existing secret name[non AWS] Provide a TLS secret name previously created under Secrets. Override to select name of secret not known here.


Wether or not to allow automatic deployment of image tags that match the chosen strategy's matcher.

OffNo automatic continuous deployment
Semver versioningSemver version pattern. Use this filter if your images tags follow semantic versioning rules (MAJOR.MINOR.PATCH). E.g.: PATCH only: "~1.1", MINOR and PATCH only "~1", ALL "*"
Glob pattern matchingGlob string pattern. Use this filter if you want to make simple non-standard patterns. E.g.: "master-v1.."